5GHz
daisy-chaining wireless mesh links, 155–157
DFS bands, 145
U-NII bands, 144
802.1X, 369
supplicant implementation on Cisco AP, 450–454
802.11, 10–11, 14. See also wireless networks
amendments, 13
authentication, 14
and broadcast delivery, 284
CCA (clear channel assessment), 97–98
cell of origin techniques, 306–307
examining client capabilities, 11–13
frames used for location services, 309–311
hotspots, 31
RFID tags, 20
rogues, 417
802.11ax, 246
802.11e, 250. See also EDCA (Enhanced Distributed Channel Access) algorithm
802.11r, 184–185. See also RSN (robust security network)
AAA (authentication, authorization, and accounting), 16, 79, 369. See also security
design overview, 443
RADIUS configuration on the wireless controller, 444
TACACS+ configuration, 444–445
ACLs (access control lists)
FlexConnect
ad-hoc rogues, 417
AireOS controller
CMX Connect service configuration, 346
alarms
Cisco DNA Center, 420
Cisco PI (Prime Infrastructure), 416
customizing, 418
severity levels, 417
amendments, 802.11, 13
anchor controller, 170
antennas, 14
omnidirectional, 156
for outdoor mesh networks, 145–147
patch, 103
AoA (Angle of Arrival), 308
AP-on-a-stick surveys, 54
AppleTV, 293, 294. See also mDNS (multicast DNS)
applications, real-time, 18–19, 106
APs, 18, 26, 29, 47, 67. See also DCA (Dynamic Channel Assignment); MAPs (mesh APs); RAPs (root APs); RRM (Cisco Radio Resource Manager)
autonomous, 78
roaming, 168
bandwidth consumption, 78
ceiling- and wall-mounted, 73
below ceiling tiles, 74
usable coverage area, 92
Cisco Wi-Fi mesh configuration, 152–153
configuring for location services, 316
coverage, 87
DTPC (Dynamic Transmit Power Control), 93–94
education environments, 31
EIRP (effective isotropic radiated power), 34–36
fallback, 197
groups, 221
grounding and securing, 75
in healthcare environments, 30
in high-density wireless networks, 99–102
maximum transmit power, 13, 123
in mesh networks, 139–141, 153–155
mGig connection, 72
minimum signal level, 14
positioning, 47–48, 56–59, 105
post-deployment site surveys, 62–64
power, 27
rate-shifting points, 63
intra-controller, 168
optimizing AP scanning process, 176–177
optimizing AP selection, 176
optimizing with 802.11k assistance, 178–179
optimizing with 802.11v assistance, 179
optimizing with CXX assistance, 177–178
security processes, 179
rogue, 417
transmit power capabilities, 92
warehousing environments, 33
WIPS deployment, 352
authentication, 179
802.11, 14
CWA (Central Web Authentication) with ISE, 394–397
EAP (Extensible Authentication Protocol), 369–374
implementing on controllers, 374–380
LWA (Local Web Authentication), 386–387
with an anchor controller, 391–392
certificate provisioning on the wireless controller, 392–393
configuring on AireOS controller, 387–391
configuring on IOS-XE controller, 391
redirect and authentication process, 387
and self-registration, 393–394
pre-, 182
autonomous APs, roaming, 168
AVC (Application Visibility Control). See also QoS (Quality of Service)
configuring on AireOS controller, 272–275
AWPP (Adaptive Wireless Path Protocol), 147–150
best practices, FlexConnect, 236–237
BLE (Bluetooth Low Energy), 305–306
blueprint studies, 37
Bluetooth, 53
Bonjour protocol, 293. See also mDNS (multicast DNS)
broadcast delivery, 284
BSA (basic service area), 87
BSS (basic service set), 87
building a troubleshooting method, 422–424
BYOD (Bring Your Own Device), 366, 385–386
CWA (Central Web Authentication) with ISE, 394–397
LWA (Local Web Authentication), 386–387
with an anchor controller, 391–392
certificate provisioning on the wireless controller, 392–393
configuring on AireOS controller, 387–391
redirect and authentication process, 387
and self-registration, 393–394
native supplicant provisioning, 397–398
CCA (clear channel assessment), 97–98, 132
CCKM (Cisco Centralized Key Management), 183
ceiling-mounted APs, 73
mounting above ceiling tiles, 74–75
mounting below ceiling tiles, 74
cells, 87, 88. See also RRM (Cisco Radio Resource Manager)
FRA (Flexible Radio Architecture), 104–105
in high-density wireless networks, 99–102
and receiver sensitivity, 88
usable coverage area, 92
CEPT (European Conference of Postal and Telecommunications Administrations) bands, 34
channels, 12, 33, 34. See also DCA (Dynamic Channel Assignment)
aggregating, 96
CEPT (European Conference of Postal and Telecommunications Administrations) bands, 34
DFS (Dynamic Frequency Selection), 144–145
and FRA mode, 105
ISM (Industrial, Scientific, and Medical) bands, 34
in multi-AP environments, 96–97
U-NII (Unlicensed National Information Infrastructure) bands, 143–144
width, 91
CHDM (coverage hole detection mitigation), 127–128
choosing
remote office wireless deployment model, 212
alarms, 420
client troubleshooting, 431–433
interferers, 436
reports, 412
Trends and Insight menu, Network insight, 414–415
Cisco ISE (Identity Services Engine), 440
TACACS+ (Terminal Access Controller Access Control System Plus) profiles, 446–450
Cisco PI (Prime Infrastructure), 39, 359, 406
alarms, 416
customizing, 418
Rogue AP, 417
severity levels, 417
client troubleshooting, 430–431
customizing RF calibration model, 362
interferers, 436
scheduling and managing, 410–411
clients. See also customers
authentication, implementing on controllers, 374–380
Cisco DNA center, troubleshooting, 431–433
Cisco PI, troubleshooting, 430–431
evaluating requirements, 10–11
examining 802.11 capabilities, 11–13
examining RF capabilities, 13–14
examining security capabilities, 14–15
local profiling configuration, 382–384
profiling, 380
QoS implementation, 267
receiver sensitivity, 88
on autonomous APs, 168
intra-controller, 168
optimizing AP scanning process, 176–177
optimizing AP selection, 176
optimizing with 802.11k assistance, 178–179
optimizing with 802.11v assistance, 179
optimizing with CXX assistance, 177–178
security processes, 179
rogue, 417
transmit power capabilities, 92
troubleshooting on the controller, 426–430
WGB (Workgroup Bridge), 141
tracking mobile devices, 324
CMX (Cisco Connected Mobile Experience), 314. See also MSE (Mobility Services Engine)
Connect service, 333
and DNA Spaces feature combination, 334
licenses, 333
Locate and Detect service, 333
services, 333
COF (Coverage Overlap Factor), 129
commands
show advanced location summary, 363
show mesh config, 155
show wireless tag, 236
congestion, 19
control plane policing, 456
controllers, 313
AireOS
precious metal profiles, 258–260
anchor, 170
AP fallback, 197
certificate provisioning, 392–393
CMX Connect service configuration, 343–345
distribution system ports
foreign, 170
high availability, 197
N+N+1 redundancy, 199
implementing client authentication, 374–380
interference management tools, 434–436
IOS-XE
LWA configuration, 391
local client profiling, 382–384
location services configuration, 316
LSS (Location Specific Services), 294
LWA (Local Web Authentication), 386–387
Mobility Announce messages, 173–175
validating mobility messages, 175–176
multicast delivery mode, 285–287
Multicast Direct configuration, 297–300
RADIUS configuration, 444
troubleshooting client issues, 426–430
cost metric (CM), 125
coverage, 26, 87. See also CHDM (coverage hole detection mitigation)
expanding with additional APs, 94–98
CPU ACLs (access control lists), 454–456
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), 247
CSMA/CD (Carrier Sense Multiple Access with Collision Detection), 246
customers
evaluating security requirements, 16–17
examining client 802.11 capabilities, 11–13
gathering information on devices, 11
interviewing, 9
touring their facilities, 9–10
customizing
CMX location services, 324–327
RF calibration model on PI, 362
CWA (Central Web Authentication) with ISE, 394–397
dashboards, Cisco DNA Center, 412–414
data deployment model, 17–18, 98–99
DRS (dynamic rate shifting), 92
and SNR, 91
DBS (Dynamic Bandwidth Selection), 125
DCA (Dynamic Channel Assignment), 124–127
metrics, 125
DCF (Distributed Coordination Function), 246–250. See also EDCA (Enhanced Distributed Channel Access)
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), 247
DIFS (DCF Interframe Space) timer, 247–248
RTU (Right to Use), 80
deployment models
education, 31
manufacturing, 33
small or home office, 29
devices
C9800
client density, 15
customer, gathering information, 11
examining client 802.11 capabilities, 11–13
rogue, 417
DFS (Dynamic Frequency Selection) channel, 12, 144–145
DHCP (Dynamic Host Configuration protocol), 79
distribution system, 192
Analytics, 338
Captive Portals, 349
creating a new portal from a template, 350–351
creating a new portal from scratch, 349–350
and CMX feature combination, 334
licenses, 333
services, 334
tracking mobile devices, 324
drawings, wireless networks, 9
DRS (dynamic rate shifting), 92, 106
DTPC (Dynamic Transmit Power Control), 93–94
EAP (Extensible Authentication Protocol), 369
authentication methods, 372–374
implementing client authentication, 374–380
EDCA (Enhanced Distributed Channel Access) algorithm, 250
ACs (Access Categories), 250–253
AIFSN (Arbitrated Interframe Space Number), 253
CW (contention window) timer, 254
TSpec (Traffic Specification), 255–256
TXOP (Transmission Opportunity), 254–255
ED-RRM (Event-driven RRM), 127
education environments, 31
EIRP (effective isotropic radiated power), 34–36
enterprise office environments, 28–29
ETSI (European Telecommunications Standards Institute), 33
regulations, 36
European countries, regulations, 36
evaluating
events, 416
examining
client 802.11 capabilities, 11–13
client density, 15
client security capabilities, 14–15
exclusion areas, CMX Analytics, 335
expanding, wireless coverage with additional APs, 94–98
FastLocate, 316
FCC (Federal Communications Commission), 33, 35
regulations, 36
FFT (Fast Fourier Transform), 51
final preparation
accessing Pearson Test Prep software, 459–460
ACLs (access control lists)
CAPWAP Message Aggregation, 224–225
groups
adding APs, 221
implementing with AireOS, 215
configure the locally switched WLANs, 216
configure the native VLAN and WLAN-to-VLAN mapping, 217–219
convert the AP to FlexConnect mode, 215–216
implementing with IOS-XE controllers, 230–236
OEAP (Office Extend AP), 237–238
resiliency scenarios, 222
Smart AP Image Upgrades, 228–230
foreign controller, 170
FRA (Flexible Radio Architecture), 104–105
FT (Fast BSS Transition), 184–185
FTM (Fine Timing Measurement), 61
GPS, 304
grounding, APs, 75
guest network services, 385
guest portals, 342
AUP (Acceptable Use Policy), 385–386
DNA Spaces Captive Portals, 349
creating a new portal from a template, 350–351
creating a new portal from scratch, 349–350
healthcare environments, 29–30
high availability
AP fallback, 197
controllers, 197
N+N+1 redundancy, 199
MSE (Mobility Services Engine), 356–358
high-density wireless networks, 99–102
hospitality and hotel environments, 30–31
hotspots, 31
verifying configuration, 362–364
IEEE 802.11. See 802.11
IGMP (Internet Group Management Protocol), 285
Implement phase (PPDIOO process), 8
inclusion areas, CMX Analytics, 335
infrastructure
cell of origin techniques, 306–307
logical, 67
physical, 66
mGig (MultiGigabit) technology, 71–72
PoE/PoE+, 69
power injectors, 71
inter-controller roaming, 168–171
on Cisco PI and DNAC, 436
interviewing the customer, 9
intra-controller roaming, 168
IOS-XE controller
FlexConnect implementation, 230–236
LWA configuration, 391
ISM (Industrial, Scientific and Medical) bands, 34
jammers, 53
KPIs (Key Performance Indicators), 414
Layer 1 site surveys, 38, 49–53
Layer 2 site surveys, 38, 54–59
leveraging, APs and antennas, 103–105
licenses
CMX (Cisco Connected Mobile Experience), 333
DNA Spaces, 333
limiting, transmit power levels, 102
location deployment model, 20–21, 61, 107–108
location engine, 314
MSE (Mobility Services Engine), 314
implementing WIPS, 351
verifying location accuracy, 361
location services, 308. See also CMX (Cisco Connected Mobile Experience); DNA Spaces
accuracy, 358
location requirements, 358–359
verifying AP settings, 360–361
AP configuration, 316
cell of origin techniques, 306–307
CMX (Cisco Connected Mobile Experience)
services and licenses, 333
tracking mobile devices, 320–324
licenses, 333
tracking mobile devices, 324
FastLocate, 311
precision vs. accuracy, 311–312
WLC configuration, 316
logical infrastructure, 67
requirements, 76
AAA and DHCP services, 79
LWA (Local Web Authentication), 386–387
with an anchor controller, 391–392
certificate provisioning on the wireless controller, 392–393
configuring on AireOS controller, 387–391
redirect and authentication process, 387
manufacturing environments, 33
AWPP (Adaptive Wireless Path Protocol), 147–150
MCS (Modulation and Coding Schemes), 54
architecture, 141
AWPP (Adaptive Wireless Path Protocol), 147–150
components, 139
daisy-chaining wireless mesh links, 155–157
DFS (Dynamic Frequency Selection) channel, 144–145
outdoor, antenna and mounting considerations, 145–147
site preparation and planning, 142
supported frequency bands, 143–144
U-NII (Unlicensed National Information Infrastructure) bands, 143–144
WGB (Workgroup Bridge), 141, 158–159
mGig (MultiGigabit) technology, 71–72
speeds and cable categories, 72
microwave ovens, 53
mobile devices, tracking
with DNA Spaces, 324
mobility groups
Mobility Announce messages, 173–175
validating mobility messages, 175–176
mounting APs
below ceiling tiles, 74
ceiling and wall, 73
for outdoor mesh networks, 145–147
RAPs (root APs), 147
MSE (Mobility Services Engine), 314
HA (High Availability), 356–358
implementing WIPS, 351
verifying location accuracy, 361
multicast delivery, 283
IGMP (Internet Group Management Protocol), 285
implementing on wireless networks, 290–293
PIM (Protocol Independent Multicast), 285
NAC (Network Admission Control), 450
narrow transmitters, 53
native supplicant provisioning, 397–398
NDP (Network Discovery Protocol), 115–118
noise floor, 89
offsite surveys
choosing the right type, 37
OKC (Opportunistic Key Caching), 182
omnidirectional antennas, 156
onsite surveys, 38, 44–45. See also site surveys
deployment considerations, 59–61
types of, 38
Operate phase (PPDIOO process), 8
Optimize phase (PPDIOO process), 8
optimizing the roaming process
with 802.11k assistance, 178–179
with 802.11v assistance, 179
security processes, 179
outdoor mesh networks, antenna and mounting considerations, 145–147
passive surveys. See validation surveys
patch antennas, 103
positioning, 105
PBM (Plan-Build-Manage) process, 8
PCI (Payment Card Industry), 32
Pearson Test Prep software
customizing your exams, 460–461
perimeters, CMX Analytics, 335
physical infrastructure requirements, 66
grounding and securing APs, 75
mGig (MultiGigabit) technology, 71–72
PoE/PoE+, 69
power injectors, 71
PIM (Protocol Independent Multicast), 285
Plan phase (PPDIOO process), 7
PMKID (Pairwise Master Key ID) caching, 182
POA (point of attachment), 170–171
PoE (Power over Ethernet), 16, 69
PoE+, 69
POP (point of presence), 170–171
positioning
patch antennas, 105
post-deployment site surveys, 38, 62–64
power
APs, 27
dBm, 50
EIRP (effective isotropic radiated power), 34–36
power injectors, 71
PPDIOO (Prepare, Plan, Design, Implement, Operate, Optimize) process, 7, 405
Prepare phase (PPDIOO process), 7
priority value, AP configuration, 195–196
provisioning resources, 397
QoS (Quality of Service), 15, 244–246. See also EDCA (Enhanced Distributed Channel Access) algorithm
implementing
for wireless clients, 267
mapping and marking schemes between client and controller, 256–258
mapping DSCP to UP in the client, 268–269
marking scheme implementation, 267–268
precious metal profiles, 258–260
RADIUS, configuring on the wireless controller, 444
displaying the mesh configuration, 155
mounting, 147
real-time applications, 18–19, 106
remote office wireless deployment models, 210–212. See also FlexConnect
choosing, 212
reports
Cisco DNA Center, 412
Cisco PI (Prime Infrastructure), 406–407
scheduling and managing, 410–411
requirements, physical infrastructure, PoE, 69
resiliency
FlexConnect, 222
antennas, 14
examining client capabilities, 13–14
maximum transmit power, 13
propagation, 94
troubleshooting coverage issues, 424–426
RFID tags, 20
association, 168
on autonomous APs, 168
CCKM (Cisco Centralized Key Management), 183
intra-controller, 168
Mobility Announce messages, 173–175
validating mobility messages, 175–176
OKC (Opportunistic Key Caching), 182
optimizing
with 802.11k assistance, 178–179
with 802.11v assistance, 179
AP selection, 176
security processes, 179
PMKID (Pairwise Master Key ID) caching, 182
preauthentication, 182
and real-time applications, 106
reassociation, 168
RSN (robust security network), 179–182
4-way handshake, 180
key generation process, 180–181
rogues, 417
RRM (Cisco Radio Resource Manager), 99, 113–114
CHDM (coverage hole detection mitigation), 127–128
DCA (Dynamic Channel Assignment), 124–127
metrics, 125
event-driven, 127
FRA (Flexible Radio Assignment) algorithm, 128–130
NDP (Network Discovery Protocol), 115–118
RxSOP (Receiver Start of Packet Threshold Detection), 132–134
TPC (Transmit Power Control) algorithm, 120–124
ideal transmit power, 123
RSN (robust security network), 179–182. See also OKC (Opportunistic Key Caching); PMKID (Pairwise Master Key ID) caching
4-way handshake, 180
key generation process, 180–181
RSSI (received signal strength indicator), 50, 60, 88–99
RTLS (real-time location services), 20, 21, 107
RTU (Right to Use) licensing, 80
RxSOP (Receiver Start of Packet Threshold Detection), 132–134
security, 16–17. See also authentication
CCKM (Cisco Centralized Key Management), 183
client profiling, 380
examining client capabilities, 14–15
OKC (Opportunistic Key Caching), 182
PMKID (Pairwise Master Key ID) caching, 182
preauthentication, 182
RSN (robust security network), 179–182
WIPS (Wireless Intrusion Prevention System)
AP deployment, 352
implementing on MSE, 351
self-registration, LWA (Local Web Authentication), 393–394
show advanced location summary command, 363
show mesh config command, 155
show wireless tag command, 236
noise floor, 89
receiver sensitivity, 88
site surveys. See also surveys
choosing the right type, 37–38
deployment considerations, 59–61
offsite, types of, 38
SKC (Secure Key Caching), 182
small or home office environments, 29
smart spectrum analyzers, 51–52
SNR (signal-to-noise ratio), 14, 50, 60, 89–91
SAgE chip, 434
static IP tunneling, 171
surveys. See also deployment models
choosing the right type, 37–38
onsite, 38
sweep rate, 52
TACACS+ (Terminal Access Controller Access Control System Plus) profiles, 446–450
tools, 54
Ekahau Pro, 58
touring customer facilities, 9–10
TPC (Transmit Power Control) algorithm, 120–124
ideal transmit power, 123
tracking mobile devices, with CMX, 320–324
transmit power level, 92, 113–114, 123–124. See also TPC (Transmit Power Control) algorithm
limiting, 102
troubleshooting, 406
Cisco DNA Center client issues, 431–433
Cisco PI client issues, 430–431
client issues on the WLC, 426–430
unicast delivery, 297
U-NII (Unlicensed National Information Infrastructure) bands, 143–144
user behavior, 47
user density, and wireless network design, 99–102
UWB (Ultra-Wide Band), 305
video cameras, 53
voice/video deployment model, 18–20, 105–107
wall-mounted APs, 73
WANs, FlexConnect requirements, 214–215
warehousing environments, 32–33
WGB (Workgroup Bridge), 138, 141, 158–159
widgets, CMX Analytics, 336–337
Wi-Fi, 306. See also wireless networks
WIPS (Wireless Intrusion Prevention System)
AP deployment, 352
editing attack alarm properties, 355–356
editing SSIDs, 354
implementing on MSE, 351
wireless networks. See also APs; customers; deployment models; location services; QoS (Quality of Service); RRM (Cisco Radio Resource Manager)
antennas, 14
AoA (Angle of Arrival), 308
DTPC (Dynamic Transmit Power Control), 93–94
grounding and securing, 75
maximum transmit power, 13
minimum signal level, 14
positioning, 47–48, 58, 59, 105
post-deployment site surveys, 62–64
rate-shifting points, 63
authentication framework, 369–371
call capacity, 107
channels, 12
controllers, resiliency, 192–193
deployment models, remote office, 210–212
drawings, 9
evaluating customer requirements, 8–10
examining client 802.11 capabilities, 11–13
hotspots, 31
indoor location services, 302–303, 304–305
BLE (Bluetooth Low Energy), 305–306
UWB (Ultra-Wide Band), 305
mesh architecture, 138–139, 141
antenna and mounting considerations for outdoor networks, 145–147
Cisco Wi-Fi mesh configuration, 152–153
components, 139
daisy-chaining wireless mesh links, 155–157
DFS (Dynamic Frequency Selection) channel, 144–145
site preparation and planning, 142
supported frequency bands, 143–144
potential failure points, 191
QoS (Quality of Service), 244–246
mapping and marking schemes between client and controller, 256–258
precious metal profiles, 258–260
receiver sensitivity, 14
on autonomous APs, 168
intra-controller, 168
mobility groups, 171–173, 175–176
optimizing AP scanning process, 176–177
optimizing AP selection, 176
optimizing with 802.11k assistance, 178–179
optimizing with 802.11v assistance, 179
optimizing with CXX assistance, 177–178
security processes, 179
authentication, 14
troubleshooting
U-NII (Unlicensed National Information Infrastructure) bands, 143–144
user behavior, 47
WLANs, customer requirements, 17
WLCs. See controllers
WMM (Wireless Multimedia), 245. See also EDCA (Enhanced Distributed Channel Access) algorithm
Yagna RF Wi-Fi site planner, 39
zones, CMX Analytics, 335